Massive Credential Breach Exposes 149 Million Logins in Unsecured Database
A security researcher recently uncovered a staggering data exposure involving 149 million usernames and passwords left unprotected on the internet. The database, hosted by a Canadian service provider, was freely accessible via a standard web browser, allowing anyone to search and extract sensitive login details without authentication. The breach remained active for about a month, with new credentials continuously added before the hosting provider took it offline following notification.
The compromised data spanned a wide range of platforms, including:
- Email services: 48 million Gmail, 4 million Yahoo, and 1.5 million Microsoft Outlook accounts
- Social media: 17 million Facebook, 780,000 TikTok, and 100,000 OnlyFans logins
- Streaming & entertainment: 3.4 million Netflix subscriptions
- Financial services: 420,000 Binance cryptocurrency accounts, along with banking and credit card details
- Government & education: 1.4 million .edu domain credentials and other official systems
Investigators traced the breach to infostealing malware, which infects devices through phishing, malicious downloads, or compromised websites. The malware logs keystrokes and captures login credentials, funneling them into centralized databases like the one discovered. Each entry included unique identifiers, suggesting the database was designed for large-scale criminal operations, such as account takeovers or ransomware attacks.
The implications of this breach are severe, with risks ranging from identity theft and financial fraud to potential espionage via compromised government and academic accounts. The incident reflects a broader trend of unsecured databases and the growing accessibility of cybercrime tools: renting infrastructure for such operations can cost as little as $200–$300 per month, enabling even low-skilled threat actors to amass vast troves of data.
While no immediate exploits have been confirmed, the exposure underscores persistent vulnerabilities in data security practices. Similar breaches have repeatedly demonstrated how quickly stolen credentials circulate on underground forums, prolonging the threat long after the initial leak. The full impact of this incident may unfold over time as attackers exploit the exposed information.
{
  "id": "yahFactiknetmiconlbincan1769189638",
  "linkid": "yahoo, Facebook, tiktok, netflix, microsoft-security, onlyfans, binance, canadian_institute_cybersecurity",
  "type": "Breach",
  "date": "1/2026",
  "severity": "85",
  "impact": "4",
  "explanation": "Attack with significant impact with customers data leaks"
}
{'affected_entities': [{'customers_affected': '48 million',
                        'industry': 'Technology',
                        'name': 'Gmail',
                        'type': 'Email Service'},
                       {'customers_affected': '4 million',
                        'industry': 'Technology',
                        'name': 'Yahoo',
                        'type': 'Email Service'},
                       {'customers_affected': '1.5 million',
                        'industry': 'Technology',
                        'name': 'Microsoft Outlook',
                        'type': 'Email Service'},
                       {'customers_affected': '17 million',
                        'industry': 'Technology',
                        'name': 'Facebook',
                        'type': 'Social Media'},
                       {'customers_affected': '780,000',
                        'industry': 'Technology',
                        'name': 'TikTok',
                        'type': 'Social Media'},
                       {'customers_affected': '100,000',
                        'industry': 'Adult Entertainment',
                        'name': 'OnlyFans',
                        'type': 'Social Media'},
                       {'customers_affected': '3.4 million',
                        'industry': 'Entertainment',
                        'name': 'Netflix',
                        'type': 'Streaming Service'},
                       {'customers_affected': '420,000',
                        'industry': 'Finance',
                        'name': 'Binance',
                        'type': 'Cryptocurrency Exchange'},
                       {'customers_affected': '1.4 million',
                        'industry': 'Education/Government',
                        'name': '.edu Domains',
                        'type': 'Education/Government'}],
 'attack_vector': 'Infostealing Malware',
 'data_breach': {'number_of_records_exposed': '149 million',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Usernames',
                                              'Passwords',
                                              'Banking/Credit Card Details']},
 'description': 'A security researcher uncovered a data exposure involving 149 '
                'million usernames and passwords left unprotected on the '
                'internet. The database, hosted by a Canadian service '
                'provider, was freely accessible via a standard web browser '
                'without authentication. The breach remained active for about '
                'a month, with new credentials continuously added before the '
                'hosting provider took it offline following notification. The '
                'compromised data spanned email services, social media, '
                'streaming, financial services, and government/education '
                'accounts. The breach was traced to infostealing malware, '
                'which logs keystrokes and captures login credentials for '
                'criminal operations.',
 'impact': {'brand_reputation_impact': 'High',
            'data_compromised': '149 million usernames and passwords',
            'identity_theft_risk': 'High',
            'payment_information_risk': 'High',
            'systems_affected': 'Email services, social media, streaming, '
                                'financial services, government/education '
                                'accounts'},
 'initial_access_broker': {'data_sold_on_dark_web': 'Likely',
                           'entry_point': 'Phishing, Malicious Downloads, '
                                          'Compromised Websites'},
 'investigation_status': 'Ongoing',
 'lessons_learned': 'The incident underscores persistent vulnerabilities in '
                    'data security practices, particularly the risks of '
                    'unsecured databases and the accessibility of cybercrime '
                    'tools. Stolen credentials can circulate on underground '
                    'forums, prolonging the threat long after the initial '
                    'leak.',
 'motivation': 'Financial Gain, Account Takeovers, Ransomware Attacks',
 'post_incident_analysis': {'root_causes': 'Infostealing malware, unsecured '
                                           'database, lack of authentication '
                                           'for sensitive data'},
 'response': {'containment_measures': 'Database taken offline by hosting '
                                      'provider'},
 'title': 'Massive Credential Breach Exposes 149 Million Logins in Unsecured '
          'Database',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Unsecured Database'}